selinux.vger.kernel.org archive mirror
From: Ondrej Mosnacek <omosnace@redhat.com>
To: Stephen Smalley <stephen.smalley.work@gmail.com>
Cc: selinux@vger.kernel.org, paul@paul-moore.com
Subject: Re: [PATCH testsuite v2] Add tests for io_uring
Date: Mon, 10 Nov 2025 16:59:21 +0100
Message-ID: <CAFqZXNsYWUSOXAf1gCy-u6p5tHdALKvqyKQ9aN1GAF33kMJziA@mail.gmail.com>
In-Reply-To: <20251110141123.51580-2-stephen.smalley.work@gmail.com>

On Mon, Nov 10, 2025 at 3:15 PM Stephen Smalley
<stephen.smalley.work@gmail.com> wrote:
>
> iouring.c is a lightly modified copy of the one from:
>     https://github.com/linux-audit/audit-testsuite
>
> Only minimal changes were made to allow iouring.c to work within the
> selinux-testsuite; more could be done to specialize it for the
> selinux-testsuite, including using libselinux rather than hand-rolling
> its own custom functions, but not sure if it is better to keep them as
> close as possible for future joint evolution or let them diverge.
>
> The audit-testsuite only appears to exercise the "iouring t1" test
> case; for the selinux-testsuite, a test script and test policy were
> created to exercise allowed and denied cases for each of the io_uring
> { override_creds sqpoll } permissions and for each of the anon_inode
> permissions required for the io_uring anon inodes to execute:
> 1. iouring t1 without any provided exec context, i.e. child process
>    runs in same context as the parent process,
> 2. iouring t1 with a provided exec context, i.e. child process runs in
>    a different context from the parent process, and
> 3. iouring sqpoll.
>
> To avoid a tight coupling on Fedora policy, which defines a default
> type transition on io_uring anon_inodes to a single type for all
> domains, the test policy is written using the minimal testsuite domain
> type interface so that the test domains are not associated with the
> domain attribute and can therefore have their own unique type
> transitions defined for testing purposes.
>
> Since the base policy on recent Fedora includes the base set of
> io_uring permissions, the conditional guards in the policy and
> tests Makefiles simply test for the definition of the io_uring
> class in the policy support files to determine whether to enable
> the test policy and tests to run.
>
> This change does not include tests for the later additions to the
> io_uring class for cmd and allowed, which were added to subsequent
> kernel versions. The allowed permission does not yet appear to be
> defined in either Fedora policy or refpolicy, so testing that
> permission would require a modified base module. Such tests should
> be added in a future change.
>
> This change also does not explicitly test that io_uring operations on
> files, sockets, etc. are subject to the usual SELinux permission checks
> for such objects in the appropriate subject context. Tests for these
> should likewise be added in a future change.
>
> Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
> ---
> v2 addresses feedback from Ondrej Mosnacek <omosnace@redhat.com>,
> including updating tmt/tests.fmf, the README.md Debian list,
> and adding --pid $$ < /dev/null to the secon commands to avoid
> a dependency on having a terminal.

The "< /dev/null" isn't actually needed there, I just used it to
demonstrate the bug. Anyway, I applied the patch with the redirections
removed and also removed one extra empty line at end of file that git
warned about.

https://github.com/SELinuxProject/selinux-testsuite/commit/3b4e44eb32430163b5e823e266495dc57813fe9c

Thanks!

-- 
Ondrej Mosnacek
Senior Software Engineer, Linux Security - SELinux kernel
Red Hat, Inc.
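The test-policy design described in the quoted commit message (test domains built from the minimal testsuite domain interface, each with its own type_transition for the "[io_uring]" anon inode, and allowed/denied variants of the io_uring permissions) can be sketched as a Type Enforcement fragment. The fragment below is an added illustration, not the patch's policy or any selinux-testsuite file; the type names and the `testsuite_domain_type_minimal()` interface name are assumed placeholders, and the permission lists are the ones a defender would expect to see in AVC denials when a test domain lacks them.

```te
# Added illustration of the test-policy shape; names below are constructed.

type test_iouring_sqpoll_t;    # domain allowed to use IORING_SETUP_SQPOLL
type test_iouring_nosqpoll_t;  # domain expected to be denied sqpoll
type test_iouring_anon_t;      # label for the "[io_uring]" anon inode

# Placeholder for the testsuite's minimal domain-type interface. It must NOT
# attach the `domain` attribute, otherwise the distribution policy's default
# type_transition for anon_inode would win over the test-specific ones below.
testsuite_domain_type_minimal(test_iouring_sqpoll_t)
testsuite_domain_type_minimal(test_iouring_nosqpoll_t)

# io_uring creates its anon inode without a context inode, so the transition
# is keyed on (domain, domain, anon_inode, "[io_uring]").
type_transition test_iouring_sqpoll_t test_iouring_sqpoll_t:anon_inode test_iouring_anon_t "[io_uring]";
type_transition test_iouring_nosqpoll_t test_iouring_nosqpoll_t:anon_inode test_iouring_anon_t "[io_uring]";

# anon_inode permissions the ring fd needs: create at io_uring_setup(), map for
# the SQ/CQ mmap(), read/write/ioctl/getattr for normal fd use. Dropping any
# one of these produces the "denied" variant of the corresponding test.
allow { test_iouring_sqpoll_t test_iouring_nosqpoll_t } test_iouring_anon_t:anon_inode { create getattr read write ioctl map };

# io_uring class permissions are checked against the domain itself (sqpoll) or
# against the credential being switched to (override_creds).
allow test_iouring_sqpoll_t self:io_uring sqpoll;
# test_iouring_nosqpoll_t deliberately gets no sqpoll rule: the expected
# outcome is a failed io_uring_setup() plus an AVC record naming io_uring sqpoll.
```

When reading the resulting AVC records, the useful checks are that the `tclass` is `anon_inode` with `tcontext` carrying the test-specific type (confirming the per-domain type_transition took effect rather than the distribution default) and, for the denied cases, that exactly the one permission removed from the rule appears in the denial.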
